RHEL7: How to mitigate HTTP attacks.

If it is not possible to stop an HTTP attack against one of your servers, you can mitigate it.

Here, we will stop an attacker from hitting your server more than 30 times within 60 seconds (it's up to you to decide the values of these two parameters). After these first 60 seconds, the attacker will have to wait another 60 seconds before he can hit your server again. And, if he doesn't wait, he will not be able to hit your server again at all.

This tutorial uses the --direct option of the firewall-cmd command and doesn't require any reboot.

Create the /etc/modprobe.d/xt.conf file and paste the following line:

options xt_recent ip_pkt_list_tot=30

Note: By default, only 20 hitcounts are allowed. As we need 30 hitcounts in the example, we need to specify this new configuration.

Load the xt_recent module:

# modprobe xt_recent

Note: If you need to change the xt_recent configuration later, unload the module (modprobe -r xt_recent) and load it again.
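
Added example (not part of the original tutorial): a check that the value in /etc/modprobe.d/xt.conf is large enough for the hit count you plan to use, and that the already loaded module has picked it up, which is the case the reload note above covers. The function names are hypothetical; the running value is read from /sys/module/xt_recent/parameters/ip_pkt_list_tot.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are
# hypothetical; file paths are passed in so the check can be tested offline.

# Print the ip_pkt_list_tot value set for xt_recent in a modprobe.d file
# (last matching line wins); print nothing if the file does not set it.
configured_tot() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*options[[:space:]]\{1,\}xt_recent[[:space:]].*ip_pkt_list_tot=\([0-9]\{1,\}\).*/\1/p' "$1" | tail -n 1
}

# Print the value the loaded module is using; nothing if the parameter
# file is absent (module not loaded) or not readable.
running_tot() {
    p="${1:-/sys/module/xt_recent/parameters/ip_pkt_list_tot}"
    [ -r "$p" ] || return 0
    cat "$p"
}

# check_hitcount HITCOUNT CONF_FILE [SYSFS_PARAM_FILE]
# 0 = loaded module accepts HITCOUNT, 1 = config too small or missing,
# 2 = config is fine but the loaded module still has an older value,
# 3 = module not loaded.
check_hitcount() {
    want=$1
    conf=$(configured_tot "$2")
    live=$(running_tot "$3")
    if [ -z "$conf" ] || [ "$conf" -lt "$want" ]; then
        echo "config: ip_pkt_list_tot=${conf:-unset} is below hitcount $want"
        return 1
    fi
    if [ -z "$live" ]; then
        echo "xt_recent is not loaded; run: modprobe xt_recent"
        return 3
    fi
    if [ "$live" -lt "$want" ]; then
        echo "loaded value $live is stale; run: modprobe -r xt_recent && modprobe xt_recent"
        return 2
    fi
    echo "ok: ip_pkt_list_tot=$live covers hitcount $want"
}

# Run as a script: sh check.sh 30 /etc/modprobe.d/xt.conf
if [ "$#" -ge 2 ]; then
    check_hitcount "$@"
fi
```

Run it as root, like the other commands in this tutorial, before adding the firewall rules.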